This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information
September/October 2007 (vol. 5 no. 5)
pp. 15-23
Paul N. Otto, The Privacy Place
Annie I. Antón, The Privacy Place
David L. Baumer, The Privacy Place
Before 2005, data broker ChoicePoint suffered fraudulent access to its databases, exposing thousands of customers' personal information. This article examines ChoicePoint's data breach, explores what went wrong from the perspective of consumers, executives, policy, and IT systems, and offers recommendations for the future.

1. B. Sullivan, "Database Giant Gives Access to Fake Firms,"14 Feb. 2005; www.msnbc.msn.com/id6969799/.
1. B. Sullivan, "Database Giant Gives Access to Fake Firms,"14 Feb. 2005; www.msnbc.msn.com/id6969799/.
1. B. Sullivan , "Database Giant Gives Access to Fake Firms," 14 Feb. 2005; www.msnbc.msn.com/id6969799/.
2. US Federal Trade Commission, "Consumer Fraud and Identity Theft Complaint Data," Consumer Sentinel,25 Jan. 2006; http://consumer.gov/sentinel/pubsTop10Fraud2005.pdf .
2. US Federal Trade Commission, "Consumer Fraud and Identity Theft Complaint Data," Consumer Sentinel,25 Jan. 2006; http://consumer.gov/sentinel/pubsTop10Fraud2005.pdf .
2. US Federal Trade Commission, "Consumer Fraud and Identity Theft Complaint Data," Consumer Sentinel, 25 Jan. 2006; http://consumer.gov/sentinel/pubsTop10Fraud2005.pdf .
3. Identity Theft Resource Ctr., "Identity Theft: The Aftermath 2004," Sept. 2005; http://idtheftcenter.orgaftermath2004.pdf .
3. Identity Theft Resource Ctr., "Identity Theft: The Aftermath 2004," Sept. 2005; http://idtheftcenter.orgaftermath2004.pdf .
3. Identity Theft Resource Ctr., "Identity Theft: The Aftermath 2004," Sept. 2005; http://idtheftcenter.orgaftermath2004.pdf .
4. Gartner Group, "Case Study: ChoicePoint Incident Leads to Improved Security, Others Must Follow,"19 Sept. 2006; www.choicepoint.com/newschoicepoint_1996.pdf .
4. Gartner Group, "Case Study: ChoicePoint Incident Leads to Improved Security, Others Must Follow,"19 Sept. 2006; www.choicepoint.com/newschoicepoint_1996.pdf .
4. Gartner Group, "Case Study: ChoicePoint Incident Leads to Improved Security, Others Must Follow," 19 Sept. 2006; www.choicepoint.com/newschoicepoint_1996.pdf .
5. R. O'Harrow, No Place To Hide, Free Press, 2005.
5. R. O'Harrow, No Place To Hide, Free Press, 2005.
5. R. O'Harrow , No Place To Hide, Free Press, 2005.
6. R. O'Harrow, "In Age of Security, Firm Mines Wealth of Personal Data," The Washington Post,20 Jan. 2005; www.washingtonpost.com/wp-dyn/articlesA22269-2005Jan19.html .
6. R. O'Harrow, "In Age of Security, Firm Mines Wealth of Personal Data," The Washington Post,20 Jan. 2005; www.washingtonpost.com/wp-dyn/articlesA22269-2005Jan19.html .
6. R. O'Harrow , "In Age of Security, Firm Mines Wealth of Personal Data," The Washington Post, 20 Jan. 2005; www.washingtonpost.com/wp-dyn/articlesA22269-2005Jan19.html .
7. H.R. Weber, "ChoicePoint's Mission Turned on Head in Personal Info Breach," The Associated Press,17 Feb. 2005; downloaded from Lexis-Nexis.
7. H.R. Weber, "ChoicePoint's Mission Turned on Head in Personal Info Breach," The Associated Press,17 Feb. 2005; downloaded from Lexis-Nexis.
7. H.R. Weber , "ChoicePoint's Mission Turned on Head in Personal Info Breach," The Associated Press, 17 Feb. 2005; downloaded from Lexis-Nexis.
8. J. Krim, "Consumers Not Told of Security Breaches, Data Brokers Admit," The Washington Post,14 Apr. 2005; www.washingtonpost.com/wp-dyn/articlesA51722-2005Apr13.html .
8. J. Krim, "Consumers Not Told of Security Breaches, Data Brokers Admit," The Washington Post,14 Apr. 2005; www.washingtonpost.com/wp-dyn/articlesA51722-2005Apr13.html .
8. J. Krim , "Consumers Not Told of Security Breaches, Data Brokers Admit," The Washington Post, 14 Apr. 2005; www.washingtonpost.com/wp-dyn/articlesA51722-2005Apr13.html .
9. Huggins v. Citibank, N.A., et al, 585 S.E.2d 275 (S.C. 2003); www.judicial.state.sc.us/opinionsdisplayOpinion.cfm?caseNo=25691 .
9. Huggins v. Citibank, N.A., et al, 585 S.E.2d 275 (S.C. 2003); www.judicial.state.sc.us/opinionsdisplayOpinion.cfm?caseNo=25691 .
9. Huggins v. Citibank, N.A., et al, 585 S.E.2d 275 (S.C. 2003); www.judicial.state.sc.us/opinionsdisplayOpinion.cfm?caseNo=25691 .
10. A.I. Antón and J.B. Earp, "A Requirements Taxonomy to Reduce Website Privacy Vulnerabilities," Requirements Eng. J., vol. 9, no. 3, 2004, pp. 169–185.
10. A.I. Antón and J.B. Earp, "A Requirements Taxonomy to Reduce Website Privacy Vulnerabilities," Requirements Eng. J., vol. 9, no. 3, 2004, pp. 169–185.
10. A.I. Antón and J.B. Earp , "A Requirements Taxonomy to Reduce Website Privacy Vulnerabilities," Requirements Eng. J., vol. 9, no. 3, 2004, pp. 169–185.
11. R. Moffie, D.L. Baumer, and R. Tower, "Identity Theft and Data Security," Internal Auditing, vol. 20, no. 5, 2005, pp. 29–37.
11. R. Moffie, D.L. Baumer, and R. Tower, "Identity Theft and Data Security," Internal Auditing, vol. 20, no. 5, 2005, pp. 29–37.
11. R. Moffie , D.L. Baumer , and R. Tower , "Identity Theft and Data Security," Internal Auditing, vol. 20, no. 5, 2005, pp. 29–37.
12. Privacy Rights Clearinghouse, "Alert: The ChoicePoint Data Security Breach,"19 Feb. 2005; http://privacyrights.org/arCPResponse.htm .
12. Privacy Rights Clearinghouse, "Alert: The ChoicePoint Data Security Breach,"19 Feb. 2005; http://privacyrights.org/arCPResponse.htm .
12. Privacy Rights Clearinghouse, "Alert: The ChoicePoint Data Security Breach," 19 Feb. 2005; http://privacyrights.org/arCPResponse.htm .
13. D. Pierce and L. Ackerman, "Data Aggregators: A Study of Data Quality and Responsiveness,"19 May 2005; http://privacyactivism.org/docsDataAggregatorsStudy.html .
13. D. Pierce and L. Ackerman, "Data Aggregators: A Study of Data Quality and Responsiveness,"19 May 2005; http://privacyactivism.org/docsDataAggregatorsStudy.html .
13. D. Pierce and L. Ackerman , "Data Aggregators: A Study of Data Quality and Responsiveness," 19 May 2005; http://privacyactivism.org/docsDataAggregatorsStudy.html .
14. B. Husted, "Exec: ChoicePoint Will Be More Open," Atlanta Journal-Constitution,1 April 2005; downloaded from Lexis-Nexis.
14. B. Husted, "Exec: ChoicePoint Will Be More Open," Atlanta Journal-Constitution,1 April 2005; downloaded from Lexis-Nexis.
14. B. Husted , "Exec: ChoicePoint Will Be More Open," Atlanta Journal-Constitution, 1 April 2005; downloaded from Lexis-Nexis.
15. B. Husted, "Boss Keeps Low Profile amid Crisis," Atlanta Journal-Constitution,19 Feb. 2005; downloaded from Lexis-Nexis.
15. B. Husted, "Boss Keeps Low Profile amid Crisis," Atlanta Journal-Constitution,19 Feb. 2005; downloaded from Lexis-Nexis.
15. B. Husted , "Boss Keeps Low Profile amid Crisis," Atlanta Journal-Constitution, 19 Feb. 2005; downloaded from Lexis-Nexis.
16. S.D. Scalet, "The Five Most Shocking Things about the ChoicePoint Debacle," CSO Magazine,1 May 2005; http://csoonline.com/read/050105choicepoint.html .
16. S.D. Scalet, "The Five Most Shocking Things about the ChoicePoint Debacle," CSO Magazine,1 May 2005; http://csoonline.com/read/050105choicepoint.html .
16. S.D. Scalet , "The Five Most Shocking Things about the ChoicePoint Debacle," CSO Magazine, 1 May 2005; http://csoonline.com/read/050105choicepoint.html .
17. J. Peterson, "Data Collectors Face Lawmakers," Los Angeles Times,16 Mar. 2005; downloaded from Lexis-Nexis.
17. J. Peterson, "Data Collectors Face Lawmakers," Los Angeles Times,16 Mar. 2005; downloaded from Lexis-Nexis.
17. J. Peterson , "Data Collectors Face Lawmakers," Los Angeles Times, 16 Mar. 2005; downloaded from Lexis-Nexis.
18. B. Husted, "Data Theft from ChoicePoint," Atlanta Journal-Constitution,25 Feb. 2005; downloaded from Lexis-Nexis.
18. B. Husted, "Data Theft from ChoicePoint," Atlanta Journal-Constitution,25 Feb. 2005; downloaded from Lexis-Nexis.
18. B. Husted , "Data Theft from ChoicePoint," Atlanta Journal-Constitution, 25 Feb. 2005; downloaded from Lexis-Nexis.
19. R. Konrad, "Californians Warned that Hackers May Have Stolen Their Data," The Associated Press,15 Feb. 2005; www.usatoday.com/tech/news/computersecurity/ hacking2005-02-16-choicepoint-hacked_x.htm .
19. R. Konrad, "Californians Warned that Hackers May Have Stolen Their Data," The Associated Press,15 Feb. 2005; www.usatoday.com/tech/news/computersecurity/ hacking2005-02-16-choicepoint-hacked_x.htm .
19. R. Konrad , "Californians Warned that Hackers May Have Stolen Their Data," The Associated Press, 15 Feb. 2005; www.usatoday.com/tech/news/computersecurity/ hacking2005-02-16-choicepoint-hacked_x.htm .
20. R. O'Harrow, "ID Data Conned from Firm," The Washington Post,17 Feb. 2005; www.washingtonpost.com/wp-dyn/articlesA30897-2005Feb16.html .
20. R. O'Harrow, "ID Data Conned from Firm," The Washington Post,17 Feb. 2005; www.washingtonpost.com/wp-dyn/articlesA30897-2005Feb16.html .
20. R. O'Harrow , "ID Data Conned from Firm," The Washington Post, 17 Feb. 2005; www.washingtonpost.com/wp-dyn/articlesA30897-2005Feb16.html .
21. H.R. Weber, "ChoicePoint Had another Identity Theft," The Associated Press,2 Mar. 2005; www.signonsandiego.com/news/computing20050302-1402-choicepoint.html .
21. H.R. Weber, "ChoicePoint Had another Identity Theft," The Associated Press,2 Mar. 2005; www.signonsandiego.com/news/computing20050302-1402-choicepoint.html .
21. H.R. Weber , "ChoicePoint Had another Identity Theft," The Associated Press, 2 Mar. 2005; www.signonsandiego.com/news/computing20050302-1402-choicepoint.html .
22. M. Kempner, "Checklist Failed ChoicePoint," Atlanta Journal-Constitution,20 Feb. 2005; downloaded from Lexis-Nexis.
22. M. Kempner, "Checklist Failed ChoicePoint," Atlanta Journal-Constitution,20 Feb. 2005; downloaded from Lexis-Nexis.
22. M. Kempner , "Checklist Failed ChoicePoint," Atlanta Journal-Constitution, 20 Feb. 2005; downloaded from Lexis-Nexis.

Index Terms:
information security, data privacy, data brokers, ChoicePoint, data breach
Citation:
Paul N. Otto, Annie I. Antón, David L. Baumer, "The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information," IEEE Security & Privacy, vol. 5, no. 5, pp. 15-23, Sept.-Oct. 2007, doi:10.1109/MSP.2007.126
Usage of this product signifies your acceptance of the Terms of Use.